doktor, adwokat
Jacek Błachut
Przegląd Konstytucyjny, Numer 3 (2021), 2021, s. 7 - 40
Personal Data Breach. Legal Issues
The subject of this article is the issue of personal data breach, primarily in the context of the provisions of the General Data Protection Regulation (2016/679). The aim of the publication is, in particular, to answer the following questions: do the regulations properly protect the rights of an individual in the event of a breach? do the sanctions and liability rules provided for by these regulations are adequate to the threats? do the sanctions and liability rules respect the requirements of the rule of law? The authors analyze the concept of a personal data breach in detail, including the magnitude of consequences necessary to determine occurrence of a security breach. The article also extensively analyzes the consequences of such breach for entities responsible for personal data processing (organizational effects, documentation and reporting obligations, liability for damages, administrative fines). Particular attention is paid to the decisions of the Polish President of the Personal Data Protection Office regarding violations and the jurisprudence of administrative courts in these types of cases. In conclusion, an assessment is made of the principles of personal data protection against breaches introduced in the General Data Protection Regulation. While approving the generally introduced legal solutions, doubts related to the excessively broad scope of discretion on the part of the authority as to the amount of fines in individual cases are indicated.